Forms authentication in a subfolder problem, please help

Discussion in 'ASP .Net' started by Kris van der Mast, Oct 30, 2003.

  1. Hi,

    I've created a little site for my sports club. In the root folder there are
    pages that are viewable by every anonymous user but at a certain subfolder
    my administration pages should be protected by forms authentication.

    When I create forms authentication at root level it works but when I move my
    code up to the subfolder I get this error:

    Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
    --------------------------------------------------------------------------------

    Configuration Error
    Description: An error occurred during the processing of a configuration file
    required to service this request. Please review the specific error details
    below and modify your configuration file appropriately.

    Parser Error Message: It is an error to use a section registered as
    allowDefinition='MachineToApplication' beyond application level. This error
    can be caused by a virtual directory not being configured as an application
    in IIS.

    Source Error:


    Line 12: />
    Line 13:
    Line 14: <authentication mode="Forms">
    Line 15: <forms loginUrl="loginnew.aspx"/>
    Line 16: </authentication>


    Source File:
    c:\inetpub\wwwroot\TestProjects\FormsAuthenticationTestingArea\administrationpages\web.config Line: 14


    --------------------------------------------------------------------------------
    Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
    Version:1.1.4322.573

    This is the code that I use:

    root level
    ----------

    web.config

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>

    <system.web>

    <!-- DYNAMIC DEBUG COMPILATION
    Set compilation debug="true" to enable ASPX debugging. Otherwise,
    setting this value to
    false will improve runtime performance of this application.
    Set compilation debug="true" to insert debugging symbols (.pdb
    information)
    into the compiled page. Because this creates a larger file that
    executes
    more slowly, you should set this value to true only when debugging
    and to
    false at all other times. For more information, refer to the
    documentation about
    debugging ASP.NET files.
    -->
    <compilation
    defaultLanguage="c#"
    debug="true"
    />

    <!-- CUSTOM ERROR MESSAGES
    Set customErrors mode="On" or "RemoteOnly" to enable custom error
    messages, "Off" to disable.
    Add <error> tags for each of the errors you want to handle.

    "On" Always display custom (friendly) messages.
    "Off" Always display detailed ASP.NET error information.
    "RemoteOnly" Display custom (friendly) messages only to users not
    running
    on the local Web server. This setting is recommended for security
    purposes, so
    that you do not display application detail information to remote
    clients.
    -->
    <customErrors
    mode="Off"
    />

    <!-- AUTHENTICATION
    This section sets the authentication policies of the application.
    Possible modes are "Windows",
    "Forms", "Passport" and "None"

    "None" No authentication is performed.
    "Windows" IIS performs authentication (Basic, Digest, or
    Integrated Windows) according to
    its settings for the application. Anonymous access must be
    disabled in IIS.
    "Forms" You provide a custom form (Web page) for users to enter
    their credentials, and then
    you authenticate them in your application. A user credential
    token is stored in a cookie.
    "Passport" Authentication is performed via a centralized
    authentication service provided
    by Microsoft that offers a single logon and core profile services
    for member sites.
    -->
    <authentication mode="Forms">
    <!-- <forms loginUrl="login.aspx"/> -->
    </authentication>

    <!-- AUTHORIZATION
    This section sets the authorization policies of the application.
    You can allow or deny access
    to application resources by user or role. Wildcards: "*" mean
    everyone, "?" means anonymous
    (unauthenticated) users.
    -->

    <authorization>
    <allow users="*"/>
    <!-- <deny users="?"/>-->
    <!-- <allow users="[comma separated list of users]"
    roles="[comma separated list of roles]"/>
    <deny users="[comma separated list of users]"
    roles="[comma separated list of roles]"/>
    -->
    </authorization>

    <!-- APPLICATION-LEVEL TRACE LOGGING
    Application-level tracing enables trace log output for every page
    within an application.
    Set trace enabled="true" to enable application trace logging. If
    pageOutput="true", the
    trace information will be displayed at the bottom of each page.
    Otherwise, you can view the
    application trace log by browsing the "trace.axd" page from your
    web application
    root.
    -->
    <trace
    enabled="false"
    requestLimit="10"
    pageOutput="false"
    traceMode="SortByTime"
    localOnly="true"
    />

    <!-- SESSION STATE SETTINGS
    By default ASP.NET uses cookies to identify which requests belong
    to a particular session.
    If cookies are not available, a session can be tracked by adding a
    session identifier to the URL.
    To disable cookies, set sessionState cookieless="true".
    -->
    <sessionState
    mode="InProc"
    stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
    cookieless="false"
    timeout="20"
    />

    <!-- GLOBALIZATION
    This section sets the globalization settings of the application.
    -->
    <globalization
    requestEncoding="utf-8"
    responseEncoding="utf-8"
    />

    </system.web>

    </configuration>

    For the pages here they just contain some user controls with text and
    sometimes read out some xml documents.

    ------------------------------------------------------------------

    administrationpages subfolder:
    -----------------------------------

    web.config

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>

    <system.web>
    <compilation
    defaultLanguage="c#"
    debug="true"
    />

    <customErrors
    mode="Off"
    />

    <authentication mode="Forms">
    <forms loginUrl="loginnew.aspx"/>
    </authentication>

    <authorization>
    <allow users="*" /> <!--Allow all users -->
    <!-- <allow users="[comma separated list of users]"
    roles="[comma separated list of roles]"/>
    <deny users="[comma separated list of users]"
    roles="[comma separated list of roles]"/>
    -->
    <deny users="?"/>
    </authorization>

    <trace
    enabled="false"
    requestLimit="10"
    pageOutput="false"
    traceMode="SortByTime"
    localOnly="true"
    />

    <sessionState
    mode="InProc"
    stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
    cookieless="false"
    timeout="20"
    />

    <!-- GLOBALIZATION
    This section sets the globalization settings of the application.
    -->
    <globalization
    requestEncoding="utf-8"
    responseEncoding="utf-8"
    />

    </system.web>

    </configuration>


    newtestform.aspx

    <%@ Page language="c#" Codebehind="newtestform.aspx.cs"
    AutoEventWireup="false"
    Inherits="FormsAuthenticationTestingArea.administrationpages.newtestform" %>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
    <HTML>
    <HEAD>
    <title>newtestform</title>
    <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
    <meta name="CODE_LANGUAGE" Content="C#">
    <meta name="vs_defaultClientScript" content="JavaScript">
    <meta name="vs_targetSchema"
    content="http://schemas.microsoft.com/intellisense/ie5">
    </HEAD>
    <body MS_POSITIONING="FlowLayout">
    <form id="Form1" method="post" runat="server">
    <P>
    <asp:Label id="LabelMessage" runat="server"></asp:Label></P>
    <P>
    <asp:Button id="ButtonSignout" runat="server"
    Text="Signout"></asp:Button></P>
    <P>&nbsp;</P>
    </form>
    </body>
    </HTML>


    and code behind:

    using System;
    using System.Collections;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Web;
    using System.Web.SessionState;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.UI.HtmlControls;

    namespace FormsAuthenticationTestingArea.administrationpages
    {
    /// <summary>
    /// Summary description for newtestform.
    /// </summary>
    public class newtestform : System.Web.UI.Page
    {
    protected System.Web.UI.WebControls.Label LabelMessage;
    protected System.Web.UI.WebControls.Button ButtonSignout;

    private void Page_Load(object sender, System.EventArgs e)
    {
    // Display the username
    LabelMessage.Text = "Hello " + Context.User.Identity.Name;
    }

    #region Web Form Designer generated code
    override protected void OnInit(EventArgs e)
    {
    //
    // CODEGEN: This call is required by the ASP.NET Web Form Designer.
    //
    InitializeComponent();
    base.OnInit(e);
    }

    /// <summary>
    /// Required method for Designer support - do not modify
    /// the contents of this method with the code editor.
    /// </summary>
    private void InitializeComponent()
    {
    this.ButtonSignout.Click += new
    System.EventHandler(this.ButtonSignout_Click);
    this.Load += new System.EventHandler(this.Page_Load);

    }
    #endregion

    private void ButtonSignout_Click(object sender, System.EventArgs e)
    {
    // Signout and redirect to login.aspx
    System.Web.Security.FormsAuthentication.SignOut();
    Response.Redirect(Request.UrlReferrer.ToString());
    }
    }
    }


    loginnew.aspx

    <%@ Page language="c#" Codebehind="loginnew.aspx.cs" AutoEventWireup="false"
    Inherits="FormsAuthenticationTestingArea.administrationpages.loginnew" %>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
    <HTML>
    <HEAD>
    <title>loginnew</title>
    <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
    <meta name="CODE_LANGUAGE" Content="C#">
    <meta name="vs_defaultClientScript" content="JavaScript">
    <meta name="vs_targetSchema"
    content="http://schemas.microsoft.com/intellisense/ie5">
    </HEAD>
    <body MS_POSITIONING="FlowLayout">
    <form id="Form1" method="post" runat="server">
    <P>
    <asp:TextBox id="TextBoxUserName"
    runat="server"></asp:TextBox></P>
    <P>
    <asp:TextBox id="TextBoxPassword" runat="server"
    TextMode="Password"></asp:TextBox></P>
    <P>
    <asp:CheckBox id="CheckBoxPersistent" runat="server"
    Text="Persistent"></asp:CheckBox>&nbsp;
    <asp:Button id="ButtonLogin" runat="server"
    Text="Login"></asp:Button></P>
    <P>
    <asp:Label id="LabelMessage" runat="server" Font-Bold="True"
    ForeColor="Red"></asp:Label></P>
    </form>
    </body>
    </HTML>

    and code behind:

    using System;
    using System.Collections;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Web;
    using System.Web.SessionState;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.UI.HtmlControls;

    namespace FormsAuthenticationTestingArea.administrationpages
    {
    /// <summary>
    /// Summary description for loginnew.
    /// </summary>
    public class loginnew : System.Web.UI.Page
    {
    protected System.Web.UI.WebControls.TextBox TextBoxUserName;
    protected System.Web.UI.WebControls.TextBox TextBoxPassword;
    protected System.Web.UI.WebControls.CheckBox CheckBoxPersistent;
    protected System.Web.UI.WebControls.Button ButtonLogin;
    protected System.Web.UI.WebControls.Label LabelMessage;

    private void Page_Load(object sender, System.EventArgs e)
    {
    // Put user code to initialize the page here
    }

    #region Web Form Designer generated code
    override protected void OnInit(EventArgs e)
    {
    //
    // CODEGEN: This call is required by the ASP.NET Web Form Designer.
    //
    InitializeComponent();
    base.OnInit(e);
    }

    /// <summary>
    /// Required method for Designer support - do not modify
    /// the contents of this method with the code editor.
    /// </summary>
    private void InitializeComponent()
    {
    this.ButtonLogin.Click += new
    System.EventHandler(this.ButtonLogin_Click);
    this.Load += new System.EventHandler(this.Page_Load);

    }
    #endregion

    private void ButtonLogin_Click(object sender, System.EventArgs e)
    {
    // Validate username and password text boxes
    if (TextBoxUserName.Text == string.Empty || TextBoxPassword.Text
    == string.Empty)
    {
    LabelMessage.Text = "Username and Password cannot be empty";
    return;
    }

    // Authenticate the user
    bool CookieValue = false;
    if ((TextBoxUserName.Text == "Kris") && (TextBoxPassword.Text ==
    "bla"))
    {
    if (CheckBoxPersistent.Checked)
    {
    CookieValue = true;
    }
    else
    {
    CookieValue = false;
    }
    // If valid, redirect to protected resource
    System.Web.Security.FormsAuthentication.RedirectFromLoginPage(TextBoxUserName.Text, CookieValue);
    }
    else
    {
    // If invalid, display an error page
    LabelMessage.Text = "Invalid credentials, please try again";
    TextBoxUserName.Text = string.Empty;
    TextBoxPassword.Text = string.Empty;
    }
    }
    }
    }
     
    Kris van der Mast, Oct 30, 2003
    #1

  2. "Kris van der Mast" <> wrote in message
    news:...
    > Hi,
    >
    > I've created a little site for my sports club. In the root folder there are
    > pages that are viewable by every anonymous user but at a certain subfolder
    > my administration pages should be protected by forms authentication.
    >
    > When I create forms authentication at root level it works but when I move my
    > code up to the subfolder I get this error:
    >
    > Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
    > --------------------------------------------------------------------------------
    >
    > Configuration Error
    > Description: An error occurred during the processing of a configuration file
    > required to service this request. Please review the specific error details
    > below and modify your configuration file appropriately.
    >
    > Parser Error Message: It is an error to use a section registered as
    > allowDefinition='MachineToApplication' beyond application level. This error
    > can be caused by a virtual directory not being configured as an application
    > in IIS.
    >
    > Source Error:
    >
    >
    > Line 12: />
    > Line 13:
    > Line 14: <authentication mode="Forms">
    > Line 15: <forms loginUrl="loginnew.aspx"/>
    > Line 16: </authentication>
    >
    >
    > Source File:
    > c:\inetpub\wwwroot\TestProjects\FormsAuthenticationTestingArea\administrationpages\web.config Line: 14



    This error usually means what it says. Is your subdirectory configured as an
    application in IIS?
    --
    John
     
    John Saunders, Oct 30, 2003
    #2

  3. "John Saunders" <john.saunders at surfcontrol.com> wrote in message
    news:...
    > "Kris van der Mast" <> wrote in message
    > news:...
    > > Hi,
    > >
    > > I've created a little site for my sports club. In the root folder there are
    > > pages that are viewable by every anonymous user but at a certain subfolder
    > > my administration pages should be protected by forms authentication.
    > >
    > > When I create forms authentication at root level it works but when I move my
    > > code up to the subfolder I get this error:
    > >
    > > Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
    > > --------------------------------------------------------------------------------
    > >
    > > Configuration Error
    > > Description: An error occurred during the processing of a configuration file
    > > required to service this request. Please review the specific error details
    > > below and modify your configuration file appropriately.
    > >
    > > Parser Error Message: It is an error to use a section registered as
    > > allowDefinition='MachineToApplication' beyond application level. This error
    > > can be caused by a virtual directory not being configured as an application
    > > in IIS.
    > >
    > > Source Error:
    > >
    > >
    > > Line 12: />
    > > Line 13:
    > > Line 14: <authentication mode="Forms">
    > > Line 15: <forms loginUrl="loginnew.aspx"/>
    > > Line 16: </authentication>
    > >
    > >
    > > Source File:
    > > c:\inetpub\wwwroot\TestProjects\FormsAuthenticationTestingArea\administrationpages\web.config Line: 14
    >
    >
    > This error usually means what it says. Is your subdirectory configured as an
    > application in IIS?


    This wasn't necessary. The application blew because I had left the
    authentication in the web.config of the subfolder. Removing this part (and
    some others like the one of sessionstate) solved the problem.

    Grz, Kris.
     
    Kris van der Mast, Nov 2, 2003
    #3
  4. "Kris van der Mast" <> wrote in message
    news:#...
    >
    > "John Saunders" <john.saunders at surfcontrol.com> wrote in message
    > news:...
    > > "Kris van der Mast" <> wrote in message
    > > news:...
    > > > Hi,
    > > >
    > > > I've created a little site for my sports club. In the root folder there are
    > > > pages that are viewable by every anonymous user but at a certain subfolder
    > > > my administration pages should be protected by forms authentication.
    > > >
    > > > When I create forms authentication at root level it works but when I move my
    > > > code up to the subfolder I get this error:
    > > >
    > > > Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
    > > > --------------------------------------------------------------------------------
    > > >
    > > > Configuration Error
    > > > Description: An error occurred during the processing of a configuration file
    > > > required to service this request. Please review the specific error details
    > > > below and modify your configuration file appropriately.
    > > >
    > > > Parser Error Message: It is an error to use a section registered as
    > > > allowDefinition='MachineToApplication' beyond application level. This error
    > > > can be caused by a virtual directory not being configured as an application
    > > > in IIS.
    > > >
    > > > Source Error:
    > > >
    > > >
    > > > Line 12: />
    > > > Line 13:
    > > > Line 14: <authentication mode="Forms">
    > > > Line 15: <forms loginUrl="loginnew.aspx"/>
    > > > Line 16: </authentication>
    > > >
    > > >
    > > > Source File:
    > > > c:\inetpub\wwwroot\TestProjects\FormsAuthenticationTestingArea\administrationpages\web.config Line: 14
    > >
    > >
    > > This error usually means what it says. Is your subdirectory configured as an
    > > application in IIS?
    >
    > This wasn't necessary. The application blew because I had left the
    > authentication in the web.config of the subfolder.


    That's what I was getting at. Your subfolder was not configured as an
    application, but the web.config in the subfolder used something which could
    only be used at machine or application level.
    --
    John
     
    John Saunders, Nov 4, 2003
    #4
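
The layout the thread arrives at, as an added example (not code from either poster): `<authentication>` and `<sessionState>` are registered as allowDefinition='MachineToApplication', so they stay in the application-root web.config, and the subfolder web.config keeps only `<authorization>`, which is accepted at directory level. The `loginUrl` value pointing into the subfolder is an assumption. ASP.NET reads authorization rules top-down and stops at the first match, so the subfolder file posted above, with `<allow users="*"/>` ahead of `<deny users="?"/>`, would still admit anonymous users once the parser error is gone.

```xml
<!-- Added example. File 1: web.config in the application root
     (FormsAuthenticationTestingArea). Application-level sections live here. -->
<configuration>
  <system.web>
    <!-- MachineToApplication section: only valid at machine or application level. -->
    <authentication mode="Forms">
      <!-- Assumption: the login page stays in the protected subfolder, so the
           path is given relative to the application root. -->
      <forms loginUrl="administrationpages/loginnew.aspx" />
    </authentication>

    <!-- Also MachineToApplication; configured once for the whole application. -->
    <sessionState mode="InProc" cookieless="false" timeout="20" />

    <!-- Root pages remain open to anonymous users. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>

<!-- File 2: administrationpages/web.config. Directory-level file: it carries
     only <authorization>; no <authentication> or <sessionState>. -->
<configuration>
  <system.web>
    <authorization>
      <!-- Rules are read top-down and the first match wins, so the deny for
           anonymous users ("?") must not sit below an <allow users="*"/>. -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```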
